Back to EUR-Lex homepage

EUR-Lex Access to European Union law

Back to EUR-Lex homepage

This document is an excerpt from the EUR-Lex website

Use quotation marks to search for an "exact phrase". Append an asterisk (*) to a search term to find variations of it (transp*, 32019R*). Use a question mark (?) instead of a single character in your search term to find variations of it (ca?e finds case, cane, care).
Search tips
Need more search options? Use the Advanced search
You are here

Glossary of summaries

Data protection

Data protection refers to rules regarding the rights of natural persons (individuals) to have their personal data (any information that relates to an identified or identifiable living person) protected and the duties of public authorities, businesses and other organisations to protect these data.

The right to the protection of personal data is a fundamental right enshrined in the EU Charter of Fundamental Rights . It belongs to the set of values protected under Article 2 of the Treaty on European Union and it contributes to the realisation of the EU’s objectives under Article 3 of the treaty.

Article 16 of the Treaty on the Functioning of the European Union grants all individuals the right to the protection of their personal data. It also requires the European Parliament and the Council of the European Union to lay down rules to protect individuals with regard to the processing of personal data by EU institutions, bodies, offices and agencies, and by the Member States when carrying out activities that fall within the scope of EU law.

Article 8 of the EU Charter of Fundamental Rights requires that personal data be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by EU law. Each individual, furthermore, has the right of access to data which has been collected concerning him or her, and the right to have it rectified. Compliance with these rules shall be subject to the control of an independent authority.

Over the years, the EU has enacted several pieces of legislation to ensure the protection of personal data, including those listed below.

  • Regulation (EU) 2016/679 on protecting individuals with regard to the processing of personal data and on the free movement of those data, known as the GDPR (general data protection regulation.
  • Directive (EU) 2016/680 on protecting individuals when personal data are used by law enforcement authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties.
  • Regulation (EU) 2018/1725 laying down rules for protecting individuals with regard to the processing of personal data by the EU institutions, bodies, offices and agencies and on the free movement of those data.
  • Directive 2002/58/EC on the processing of personal data and the protection of privacy in the electronic communications sector.

In addition, the EU has adopted different instruments concerning personal data transfers to non-EU countries and various other arrangements with non-EU countries concerning personal data transfers. These include adequacy decisions, standard contractual clauses and international agreements, such as the EU–US umbrella agreement on protecting personal information relating to preventing, investigating, detecting and prosecuting criminal offences, agreements on passenger name records (with Australia, Canada and the United States) and the EU–US terrorist finance tracking programme.

SEE ALSO

Top